CVE-2025-1974 PoC — Kubernetes ingress-nginx Security Vulnerability

Source
Associated Vulnerability
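Title: Kubernetes ingress-nginx Security Vulnerability (CVE-2025-1974)
Description: Kubernetes ingress-nginx is an open-source ingress controller for Kubernetes from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller, which may lead to disclosure of Secrets.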
Readme
# README

Talk is cheap, just look at the code.

Details can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

## Usage

1. Change the IP in `shell.c`.
2. Check that Docker is available and run `make shell.so`. (The shared object must be built in Alpine to make sure it works in nginx-ingress-controller, which is based on musl libc.)
3. Run `python3 exploit.py` to get your shell.

> You may need to change the ranges at lines 25 and 26, which indicate the range of the pid and fd. The default value is a compromise between speed and success rate.
> When you are in a proofing environment, you can get the target values by running `kpexec -n ingress-nginx ingress-nginx-controller-xxxxxxxxx-xxxxx -it -- bash` to get into the container as root and then running `ls -ahl /proc/*/fd/* | grep body` in the container.
File Snapshot

[4.0K] /data/pocs/e7814e88877c910ff5241aab7e6ea44046e7c7e0
├── [ 328] build.sh
├── [2.2K] exploit.py
├── [ 100] Makefile
├── [ 183] pyproject.toml
├── [ 812] README.md
├── [1.8K] req.json
├── [ 425] req.yaml
├── [ 716] shell.c
└── [5.3K] uv.lock

0 directories, 9 files